jueves, 30 de septiembre de 2010

Transparent Data Encryption

Transparent Data Encryption

TDE was first introduced in Oracle 10g Release 2. It is an encryption at column level. Oracle 11g introduced the encryption at tablespace level.

Enterprise Edition.

[edit] Test case
Create a "wallet" directory in $ORACLE_BASE/admin/$ORACLE_SID where Oracle can store its encryption key. If not, you will get error: ORA-28368: cannot auto-create wallet.

$ mkdir /app/oracle/admin/orcl/wallet
Create the wallet to hold the encryption key:

SQL> ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "secretpassword";
The above created wallet must be reopened after an instance restart:

SQL> ALTER SYSTEM SET WALLET OPEN IDENTIFIED BY "secretpassword";
Create a table with encrypted columns:

CREATE TABLE tde_test (
id NUMBER,
data VARCHAR2(30) ENCRYPT
);
INSERT INTO tde_test (id, data) VALUES (1, 'This data in encrypted!');
Select from the table to see the data (wallet is still open):

SQL> SELECT data FROM tde_test;
DATA
------------------------------
This data in encrypted!
Closing the wallet to prevent access to encrypted columns:

SQL> ALTER SYSTEM SET WALLET CLOSE;
Select from the table to see the data (wallet is closed):

SQL> SELECT data FROM tde_test;
SELECT data FROM tde_test
*
ERROR at line 1:
ORA-28365: wallet is not open

EXAMPLE POWER


1. Crear carpeta wallet en

C:\oracle\product\10.2.0\admin\POWER\wallet
Crear wallet

ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "0r1cl310g";

Crear columna encriptada

alter table "DBO"."A" modify ( "A" ENCRYPT USING 'AES192' );

ALTER SYSTEM SET WALLET OPEN IDENTIFIED BY "0r1cl310g";

ALTER SYSTEM SET WALLET CLOSE;

alter table "DBO"."A" modify ( "A" DECRYPT );